
Nisarg Ramdas Nalawade

Satara, MH

Summary

Cybersecurity Assurance Professional with expertise in conducting Security Health Checks (SHC) using CIS benchmarks and Kyndryl technical specifications. Demonstrated ability to validate scan outputs, identify control deviations, and manage non-compliance remediation in accordance with client security policies. Developed automated CIS-compliant Bash scripts for Red Hat Enterprise Linux (RHEL), eliminating manual intervention. Proficient in calibrating Ansible (UDC playbook), PowerShell, and Bash scripts to enhance SHC processes. Experienced in supporting ISO 27001, SOC, PCI DSS, and risk-based audits, contributing to strong security governance and continuous compliance.

Overview

5 years of professional experience
3 certificates

Work History

Information Security Analyst

Kyndryl
Pune
01.2021 - Current
  • Perform security health checks (SHC) utilizing CIS benchmarks and Kyndryl traditional technical specifications across various technologies (operating systems, databases, storage, mainframe, network, cloud portal, hypervisor).
  • Validate security health check scan outputs, identify control deviations, and raise non-compliance issues aligned with client security policies and standards.
  • Track, manage, and close non-compliance records, ensuring timely remediation, and accurate documentation.
  • Collaborate with cross-functional teams to remediate deviations, reduce security risks, and maintain compliance posture.
  • Support ISO 27001, SOC, PCI DSS, Risk-Based, and SPTP audits.
  • Developed CIS and Kyndryl traditional technical specification-compliant bash scripts for Red Hat Enterprise Linux (RHEL) with full automation and zero manual intervention.
  • Calibrate scripts and UDC playbooks based on client-specific security and compliance requirements.
  • Execute security health check scans using Ansible (UDC playbooks), Bash, and PowerShell scripts.
  • Create traditional technical specification documents for technologies lacking official CIS benchmarks.
  • RHCSA certified, with a foundational understanding of Linux system administration.
  • Track all non-compliance issues end-to-end, and collaborate with stakeholders to ensure required actions are completed within the defined timelines. Where timelines cannot be met, coordinate with owners to extend non-compliance records with appropriate justification in alignment with security policy.
  • Maintain patch compliance by collaborating with respective stakeholders to validate released patches, determine applicability, and ensure timely remediation or extension, with the required supporting evidence.
  • Work with stakeholders to identify, document, and track risks.

Education

Bachelor of Engineering - Electronics And Telecommunication

Maharashtra Institute of Technology
Pune
04-2020

Skills

  • Governance, risk, and compliance
  • Linux
  • CIS
  • ISO 27001:2022, SOC, PCI DSS, SPTP, risk-based audit support, and evidence management
  • Bash scripting automation
  • Bash, PowerShell, and Ansible (UDC) playbook calibration and security health check scan execution
  • Currently enhancing technical skills in virtualization (VMware ESXi, VMware vCenter) to strengthen security and compliance expertise

Certification

Red Hat Certified System Administrator (RHCSA), ISO 27001:2022, AWS Certified Cloud Practitioner.

Accomplishments

Recognized with the FY25 Power of Winners Award.
